From 6b0ec6cda4580e680291af1f1372b71b8af6f48c Mon Sep 17 00:00:00 2001
From: Eileen McNaughton <emcnaughton@wikimedia.org>
Date: Thu, 13 Jan 2022 17:56:44 +1300
Subject: [PATCH] More permission access handling for
 civicrm/admin/financial/financialType?reset=1 to extension

(works for browse & edit)
---
 CRM/Financial/Form/FinancialType.php | 6 ------
 CRM/Financial/Page/FinancialType.php | 6 ------
 ext/financialacls/financialacls.php  | 9 +++++++++
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/CRM/Financial/Form/FinancialType.php b/CRM/Financial/Form/FinancialType.php
index 9dce6892ac2e..5dc3100dd93c 100644
--- a/CRM/Financial/Form/FinancialType.php
+++ b/CRM/Financial/Form/FinancialType.php
@@ -44,12 +44,6 @@ class CRM_Financial_Form_FinancialType extends CRM_Core_Form {
    * @throws \CRM_Core_Exception
    */
   public function preProcess() {
-    // Check permission for Financial Type when ACL-FT is enabled
-    if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
-      && !CRM_Core_Permission::check('administer CiviCRM Financial Types')
-    ) {
-      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-    }
     $this->_id = CRM_Utils_Request::retrieve('id', 'Positive', $this);
     parent::preProcess();
     $this->setPageTitle(ts('Financial Type'));
diff --git a/CRM/Financial/Page/FinancialType.php b/CRM/Financial/Page/FinancialType.php
index adb78a4ef802..5c9f2d4c64c1 100644
--- a/CRM/Financial/Page/FinancialType.php
+++ b/CRM/Financial/Page/FinancialType.php
@@ -84,12 +84,6 @@ public function &links() {
    * Browse all financial types.
    */
   public function browse() {
-    // Check permission for Financial Type when ACL-FT is enabled
-    if (CRM_Financial_BAO_FinancialType::isACLFinancialTypeStatus()
-      && !CRM_Core_Permission::check('administer CiviCRM Financial Types')
-    ) {
-      CRM_Core_Error::statusBounce(ts('You do not have permission to access this page.'));
-    }
     // get all financial types sorted by weight
     $financialType = [];
     $dao = new CRM_Financial_DAO_FinancialType();
diff --git a/ext/financialacls/financialacls.php b/ext/financialacls/financialacls.php
index a1f3f0f7d451..19d5f24f480d 100644
--- a/ext/financialacls/financialacls.php
+++ b/ext/financialacls/financialacls.php
@@ -445,6 +445,15 @@ function financialacls_civicrm_preProcess($formName, &$form) {
 
 }
 
+/**
+ * Require financial acl permissions for financial screens.
+ *
+ * @param array $menu
+ */
+function financialacls_civicrm_alterMenu(array &$menu): void {
+  $menu['civicrm/admin/financial/financialType']['access_arguments'] = [['administer CiviCRM Financial Types']];
+}
+
 /**
  * Implements hook_civicrm_navigationMenu().
  *